Himanshu Anand


Here’s the super high level summary of the Meta Ray-Ban’s Bluetooth protocol (DataX/Airshield framework), based on traffic capture, decompiling the Meta Wearable SDK, and disassembling the Meta AI app:

To connect:

Get the PSM (port) for the L2CAP connection by looking at BLE service ID FD5F and characteristic 05ACBE9F-6F61-4CA9-80BF-C8BBB52991C0

This is 4 bytes - the last 2 bytes (little endian) are the PSM

Open the L2CAP connection

DataX sends messages on “channels”; each channel is connected to a “service”

Both the phone and the device do this handshake:

  • in the first message, open channel 1 by connecting to service LINK_SETUP (0x05) and sending a RequestEncryption message
  • wait for the other side’s RequestEncryption message
  • in the second message, on channel 1, send EnableEncryption
  • wait for the other side’s EnableEncryption
  • perform ECDH to get a shared secret, set up encryption
  • This is all done in native code even in the Android phone app/SDK. Once the initial connection is open, though, other services are implemented in Java on the Android Meta AI app and SDK.

    For pairing in the Meta AI App, the phone app sends IdentityRequest after opening the connection.

    When I tested connecting to the device, the device also opens:

    • channel 0x1e (identity/applinks) and sends com.oculus.applinks.EnableTrust
    • channel 0x4f (CONSTELLATIONAUTH) and sends com.meta.constellationauth.EnableTrust

    The SDK doesn’t have the applinks service (not sure if the phone app does), but does have code for handling CONSTELLATIONAUTH, including sending app manifests - this is probably how it checks if the SDK app is allowed.
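The PSM extraction and handshake ordering described in the post above, as an added example that is not part of the original post or of Meta's code. The `(sender, channel, message)` tuple layout and all sample values are constructed for illustration; the wire format of the messages is not given in the post.

```python
import struct

HANDSHAKE_CHANNEL = 1                                # channel named in the post
ORDER = ["RequestEncryption", "EnableEncryption"]    # message order from the post

# Constructed sample data, not taken from a real capture.
SAMPLE_VALUE = bytes.fromhex("00008100")
GOOD_TRACE = [("phone", 1, "RequestEncryption"), ("device", 1, "RequestEncryption"),
              ("phone", 1, "EnableEncryption"), ("device", 1, "EnableEncryption")]
BAD_TRACE = [("phone", 1, "RequestEncryption"), ("phone", 1, "EnableEncryption"),
             ("device", 1, "RequestEncryption"), ("device", 1, "EnableEncryption")]

def psm_from_characteristic(value: bytes) -> int:
    """Return the PSM: last 2 of 4 bytes, little endian, per the post.
    The first 2 bytes are not described there and are ignored."""
    if len(value) != 4:
        raise ValueError(f"expected 4 bytes, got {len(value)}")
    (psm,) = struct.unpack_from("<H", value, 2)
    if psm == 0:
        raise ValueError("PSM 0 is not a usable port")
    return psm

def check_handshake(events):
    """Check a decoded trace against the handshake order in the post.
    events: (sender, channel, message) tuples in capture order, with
    sender "phone" or "device". Returns a list of problems found."""
    sent = {"phone": [], "device": []}
    problems = []
    for i, (sender, channel, msg) in enumerate(events):
        if msg not in ORDER:
            continue                       # other services are not checked here
        peer = "device" if sender == "phone" else "phone"
        if channel != HANDSHAKE_CHANNEL:
            problems.append(f"event {i}: {msg} on channel {channel}, expected 1")
        if msg in sent[sender]:
            problems.append(f"event {i}: {sender} repeated {msg}")
        if msg == "EnableEncryption":
            if "RequestEncryption" not in sent[sender]:
                problems.append(f"event {i}: {sender} skipped RequestEncryption")
            if "RequestEncryption" not in sent[peer]:
                problems.append(f"event {i}: {sender} did not wait for the peer")
        sent[sender].append(msg)
    for side, msgs in sent.items():
        if msgs != ORDER:
            problems.append(f"{side}: handshake not completed in order: {msgs}")
    return problems

if __name__ == "__main__":
    print(hex(psm_from_characteristic(SAMPLE_VALUE)))
    print(check_handshake(GOOD_TRACE), check_handshake(BAD_TRACE))
```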

    Fun fact: the Meta Ray-Ban Display's firmware still has a bunch of code named "Wrist<something>" - probably because, when Meta's smartwatch was cancelled in 2022, its development team pivoted to smart glasses.
    (https://www.macrumors.com/2022/11/14/meta-cancels-development-of-health-and-messaging-focused-smartwatch/)
    The lack of common sense among the people, it should be called "uncommon sense".
    happy international women's day to trans women in particular
    I like ARGO it still comes with CD. 🫣
    Are there any #Permacomputing #SolarPunk or #Luddite -adjacent communities in #Brighton -- especially ones that meet in person? Would love to find people locally to mix ideas with.
    Honored to be quoted in @techcrunch_official's latest article on the hijacking of WordPress sites to distribute Windows and Mac malware. It's crucial for website owners to stay vigilant and implement robust security measures.
    Read more: https://techcrunch.com/2025/01/29/hackers-are-hijacking-wordpress-sites-to-push-windows-and-mac-malware/
    I was expecting a crash, but I guess the system's a bit rusty…

    Pretty interesting use case we found. The malJS injected was like a CTF challenge that asks players to escalate from XSS to RCE.

    https://cside.dev/blog/over-5k-wordpress-sites-caught-in-wp3xyz-malware-attack
